// Comparison

Evasive Malware vs Practical Reverse Engineering: Which Should You Read?

Two cybersecurity books on Malware, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52024

A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats

Kyle Cucci

Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

Advanced

4/52014

Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany

A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

Read this if

Malware analysts who finished Practical Malware Analysis and keep getting beaten by samples that detect their sandbox. The current reference on anti-analysis tradecraft, by a respected sandbox-and-detection practitioner.

Reverse engineers transitioning from "I can read disassembly" to "I can audit a Windows kernel driver." The architecture-first companion to Practical Malware Analysis.

Skip this if

Beginners. Cucci assumes you already know how to set up a sandbox, run static and dynamic analysis, and read assembly; the book picks up where PMA leaves off.

Beginners with no assembly background, or readers focused exclusively on Linux/userland. The book is heavy on Windows internals and assumes you'll do the exercises in WinDbg.

Key takeaways

Anti-VM and anti-sandbox checks now run as the first instructions of most samples; the book catalogues the dominant patterns and how to neutralise them.
Modern packers are conceptually simple but operationally demanding; Cucci's framing of unpacking-as-staged-emulation is the cleanest in print.
Control-flow obfuscation (opaque predicates, virtualization-based protections) is the analyst's hardest current problem; the chapters on it justify the book on their own.

x86, x64, ARM, kernel-mode debugging, and anti-RE techniques in a single coherent volume; nothing else competes for breadth.
The kernel debugging chapters are the practical introduction the official Windows Internals book never quite delivers for security audiences.
Anti-RE coverage (obfuscation, packing, anti-debug, virtualization-based protection) is the bridge to modern malware analysis that PMA consciously skips.

How they compare

Evasive Malware and Practical Reverse Engineering are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Evasive Malware and Practical Reverse Engineering both cover Malware, Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading

Evasive Malware

→ Alternatives to Evasive Malware → What to read after Evasive Malware